I have a scenario where a ROUTER-CLIENT utilize DMVPN to connect with another ROUTER that is a ROUTER-CONCENTRATOR-VPN. The routers utilize CERTIFICATE to authenticate the VPN.
I have two valid certificates(certificate 1 and certificate 2) in the both routers ( Client and VPN Concentrator)
I have a tunnel vpn stablish between ROUTER-CLIENT and ROUTER-VPN-CONCENTRATOR authenticated with certificate 1.
Can i change the certificate that VPN is using on router client (example:certificate 1) to certificate 2 within stop the tunnel VPN ?
Once i have two valid certificates on ROUTER CLIENT and on ROUTER VPN CONCENTRATOR can i determine why certificate the router will utilize to start the vpn ?
I try configure a crypto identity like
crypto idendity < NAME >
dn < WORD>
fqdn < WORD >
and associate this identity on crypto ipsec :
crypto ipsec profile VPNONE
set security-association lifetime seconds 7200
set transform set CRYPTOBB
set idendity <NAME>
But wasn't a good test, is possible utilize another configuration ?